I Discovered a Glitch in Yahoo’s Security and All I Got Was This Lousy T-Shirt

Security experts alerted Yahoo’s security team to vulnerabilities that could compromise any @yahoo.com email account. In return, they got $12.50 to spend at the company store.

Let’s say you’re dying to get your hands on that Yahoo-branded iPad cover from the company’s store (we won’t ask you why). Here’s a cool way to get $12.50 off your purchase:

Find a security bug in a Yahoo website.

Report it to Yahoo.

Receive a promo code for $12.50 off anything in Yahoo’s company store.

Feel all warm and fuzzy inside.

This is exactly what happened to the security experts at the Geneva-based firm High-Tech Bridge recently (we’re pretty sure they were not feeling warm and fuzzy). They reported three cross-site scripting (XSS) vulnerabilities to Yahoo’s security team, any of which could compromise any @yahoo.com email account by having a logged-in Yahoo user click on a specially crafted link. In return, they got a thank-you email from Yahoo and a handsome reward of $12.50 to use on the company’s online store, where you can buy Yahoo-branded socks, t-shirts, and other things.

High-Tech Bridge CEO Ilia Kolochenko says: “Yahoo should probably revise their relations with security researchers. Paying several dollars per vulnerability is a bad joke and won’t motivate people to report security vulnerabilities to them, especially when such vulnerabilities can be easily sold on the black market for a much higher price.”
